An efficient client–client password-based authentication scheme with provable security

Recently, Tso proposed a three-party password-based authenticated key exchange (3PAKE) protocol. This protocol allows two clients to authenticate each other and establish a secure session key through a server over an insecure channel. The main security goals of such protocols are authentication and privacy. However, we show that Tso’s protocol achieves neither authentication goal nor privacy goal. In this paper, we indicate that the privacy and authentication goals of Tso’s protocol will be broken by off-line password guessing attack and impersonation attack, respectively. To overcome the weaknesses, we propose an improved 3PAKE protocol to achieve more security and performance than related protocols. The security of the proposed improved protocol is proved in random oracle model.     

基于验证元的三方口令认证密钥交换协议

三方口令认证密钥交换协议使2个分别与可信服务器共享不同口令的用户建立起秘密的会话密钥.这类协议的优点是用户只需要记忆一个口令就可以与其他注册用户进行通信,因而三方口令认证密钥交换协议更适用于大规模的端到端通信.现有的大多数三方口令认证密钥交换协议均基于随机谕言模型来实现,只有少数协议不依赖服务器拥有公钥,而且在标准模型下是可证明安全的.另外多数协议中的口令以明文的形式存储在服务器上,服务器信息泄露将对用户和服务器的数据安全带来极大的危害.在标准模型下,使用平滑投影Hash函数设计了一个基于验证元的三方口令认证密钥交换协议,并证明了协议的安全性.此协议满足抵抗服务器泄露、不可检测的在线字典攻击和密钥私密性等安全属性.     

具有强安全性的三方口令认证密钥交换协议

大部分口令认证密钥交换(PAKE)协议的设计者忽略了长期密钥泄露可能造成的危害.文中发现仅仅依靠口令的安全性设计可以抵抗口令泄露攻击的三方PAKE协议是不可能的,所以文中采取服务器通过公钥实现认证的方法,设计一个可以抵抗口令泄露攻击的强安全性协议,其在随机预示和理想密码模型下基于ECGDH假设具有前向安全的特性.     

标准模型下高效的三方口令认证密钥交换协议

三方口令认证密钥交换协议允许两个分别与服务器共享不同口令的用户在服务器的协助下建立共享的会话密钥,从而实现了用户间端到端的安全通信.现阶段,多数的三方口令认证密钥交换协议都是在随机预言模型下可证明安全的.但在实际应用中,利用哈希函数对随机预言函数进行实例化的时候会给随机预言模型下可证明安全的协议带来安全隐患,甚至将导致协议不安全.以基于ElGamal加密的平滑投射哈希函数为工具,在共同参考串模型下设计了一种高效的三方口令认证密钥交换协议,并且在标准模型下基于DDH假设证明了协议的安全性.与已有的同类协议相比,该协议在同等的安全假设下具有更高的计算效率和通信效率,因此更适用于大规模的端到端通信环境.     

基于口令的三方认证密钥交换协议

传统的三方认证密钥交换协议不具备前向安全性,难以抵抗不可察觉在线字典攻击。为此,研究简单三方口令认证密钥交换协议,分析其存在的安全漏洞并加以改进,提出一种基于口令的三方认证密钥交换协议。分析结果表明,与其他协议相比,该协议的执行效率和安全性较高。     

A provably secure and efficient two‐party password‐based explicit authenticated key exchange protocol resistance to password guessing attacks

Password‐based two‐party authenticated key exchange (2PAKE) protocol enables two or more entities, who only share a low‐entropy password between them, to authenticate each other and establish a high‐entropy secret session key. Recently, Zheng et al. proposed a password‐based 2PAKE protocol based on bilinear pairings and claimed that their protocol is secure against the known security attacks. However, in this paper, we indicate that the protocol of Zheng et al. is insecure against the off‐line password guessing attack, which is a serious threat to such protocols. Consequently, we show that an attacker who obtained the users' password by applying the off‐line password guessing attack can easily obtain the secret session key. In addition, the protocol of Zheng et al. does not provide the forward secrecy of the session key. As a remedy, we also improve the protocol of Zheng et al. and prove the security of our enhanced protocol in the random oracle model. The simulation result shows that the execution time of our 2PAKE protocol is less compared with other existing protocols. Copyright © 2015 John Wiley & Sons, Ltd.     

改进的三方口令验证元认证密钥交换协议

在三方口令认证密钥交换(三方PAKE)协议中,每个用户仅仅需要和服务器共享一个口令,就可以在服务器的协助下与他人进行安全的密钥交换.由于有效地减少了用户管理口令的负担,三方PAKE协议在大规模用户集的安全通信中受到了较多关注.然而,已有的三方PAKE协议大多关注的是服务器利用明文存储用户口令的情形,没有考虑服务器口令文件泄露所造成的巨大威胁.在服务器端存放的是相应于用户口令的验证元的情形下,研究三方PAKE协议的分析和设计.首先分析了一个最近提出的基于验证元的三方PAKE协议,指出该协议易于遭受离线字典攻击,因此未能达到所宣称的安全性;其次,在分析已有协议设计缺陷的基础上,提出了一个新的基于验证元的三方PAKE协议,并在标准模型下证明了所设计的协议的安全性,与已有协议的比较表明,新提出的协议在提供了更高安全性的同时具有可接受的计算和通信效率.     

Cryptanalysis of simple three-party key exchange protocol

Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in Journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol.     

Cryptanalysis of simple three-party key exchange protocol (S-3PAKE)

Password-authenticated key exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Lu and Cao proposed a three-party password-authenticated key exchange protocol, so called S-3PAKE, based on ideas of the Abdalla and Pointcheval two-party SPAKE extended to three parties. S-3PAKE can be seen to have a structure alternative to that of another three-party PAKE protocol (3PAKE) by Abdalla and Pointcheval. Furthermore, a simple improvement to S-3PAKE was proposed very recently by Chung and Ku to resist the kind of attacks that applied to earlier versions of 3PAKE. In this paper, we show that S-3PAKE falls to unknown key-share attacks by any other client, and undetectable online dictionary attacks by any adversary. The latter attack equally applies to the recently improved S-3PAKE. Indeed, the provable security approach should be taken when designing PAKEs; and furthermore our results highlight that extra cautions still be exercised when defining models and constructing proofs in this direction.     

适用于双方频繁通信的密钥交换协议

首先对以前提出的一个高效的基于验证元的三方密钥交换协议进行了安全性分析,指出了它容易受到服务器密钥泄露攻击等安全威胁,且缺乏前向安全性;并以此为基础,针对大多数现存的基于验证元的3PAKE协议均难以抵御服务器密钥泄露攻击的现状,提出了一个新的3PAKE协议。通过安全性分析,证明了新协议比原协议更安全,能够抵御各种已知的攻击,且与现有的大多数同类协议相比具有更高的效率。     

Simple password-based three-party authenticated key exchange without server public keys

Password-based three-party authenticated key exchange protocols are extremely important to secure communications and are now extensively adopted in network communications. These protocols allow users to communicate securely over public networks simply by using easy-to-remember passwords. In considering authentication between a server and user, this study categorizes password-based three-party authenticated key exchange protocols into explicit server authentication and implicit server authentication. The former must achieve mutual authentication between a server and users while executing the protocol, while the latter only achieves authentication among users. This study presents two novel, simple and efficient three-party authenticated key exchange protocols. One protocol provides explicit server authentication, and the other provides implicit server authentication. The proposed protocols do not require server public keys. Additionally, both protocols have proven secure in the random oracle model. Compared with existing protocols, the proposed protocols are more efficient and provide greater security.     

A communication-efficient three-party password authenticated key exchange protocol

Three-party password authenticated key exchange (3PAKE) protocols allow two users (clients) to establish a session key through an authentication server over an insecure channel. Clients only share an easy-to-remember password with the trusted server. In the related literature, most schemes employ the server public keys to ensure the identities of both the servers and symmetric cryptosystems to encrypt the messages. This paper describes an efficient 3PAKE based on LHL-3PAKE proposed by Lee et al. Our 3PAKE requires neither the server public keys nor symmetric cryptosystems such as DES. The formal proof of security of our 3PAKE is based on the computational Diffie-Hellman assumption in the random oracle model along with a parallel version of the proposed 3PAKE. The comparisons have shown that our 3PAKE is more practical than other 3PAKEs.     

标准模型下隐私保护的多因素密钥交换协议

多因素认证密钥交换协议融合多种不同的认证因素来实现强安全的身份认证和访问控制,在具有高级别安全应用需求的移动泛在服务中具有巨大的应用潜力.现阶段多因素协议的研究成果还不丰富,并且已有协议都是在随机预言模型下可证明安全的.以两方口令认证密钥交换协议、鲁棒的模糊提取器以及签名方案为基本组件提出了一个标准模型下可证明安全的多因素协议.本文的协议中服务器不知道用户的生物模板,因此实现了对生物信息的隐私保护.与已有的随机预言模型下的多因素协议相比,本文的协议在满足更高安全性的同时具有更高的计算效率和通信效率,因此更满足高级别安全的移动泛在服务的应用需求.     

An novel three-party authenticated key exchange protocol using one-time key

Three-party authenticated key exchange protocol (3PAKE) is an important cryptographic technique for secure communication which allows two parties to agree a new secure session key with the help of a trusted server. In this paper, we propose a new three-party authenticated key exchange protocol which aims to achieve more efficiency with the same security level of other existing 3PAKE protocols. Security analysis and formal verification using AVISPA tools show that the proposed protocol is secure against various known attacks. Comparing with other typical 3PAKE protocols, the proposed protocol is more efficient with less computation complexity.     

具有强匿名性的网关口令认证密钥交换协议

网关口令认证密钥交换协议允许用户和网关在服务器的协助下建立起一个共享的会话密钥,其中用户和服务器之间的认证通过低熵的口令来完成.已有的网关口令认证密钥交换协议对用户的匿名性研究不足.该文基于Diffie-Hellman密钥交换提出了具有强匿名性的网关口令认证密钥交换协议,并且在随机预言模型下基于标准的DDH假设证明了协议的安全性.新协议可以抵抗不可检测在线字典攻击并且计算效率高,安全性和计算效率都优于已有的同类协议.     

Provably secure three-party password-based authenticated key exchange protocol

A three-party password-based authenticated key exchange (3PAKE) protocol is a useful mechanism to establish a secure session key in a network. However, most current 3PAKE protocols only achieve “heuristic” security; the underlying hardness assumptions of these protocols are not perfect. We propose a 3PAKE protocol which is provably secure if the Diffie–Hellman problem is computationally infeasible (the CDH assumption), even in the 3eCK model where the adversary is allowed to make more queries and have more freedom than previous models. In our formal proof, we use the trapdoor test technique introduced by Cash, Kiltz and Shoup to construct an efficient decision oracle. As far as we know, our protocol is the first provably secure 3PAKE protocol based on the CDH assumption and the first 3PAKE protocol using the trapdoor test technique for the security proof.     

Security weakness in a three-party pairing-based protocol for password authenticated key exchange

Authentication and key exchange are fundamental for establishing secure communication channels over public insecure networks. Password-based protocols for authenticated key exchange are designed to work even when user authentication is done via the use of passwords drawn from a small known set of values. Recently, Wen et al. (H.-A. Wen, T.-F. Lee, T. Hwang, Provably secure three-party password-based authenticated key exchange protocol using Weil pairing, IEE Proceedings—Communications 152 (2) (2005) 138-143) proposed a new protocol for password-based authenticated key exchange in the three-party setting, where the clients trying to establish a common secret key do not share a password between themselves but only with a trusted server. Wen et al.’s protocol carries a claimed proof of security in a formal model of communication and adversarial capabilities. However, this work shows that the protocol for three-party key exchange is completely insecure and the claim of provable security is seriously incorrect. We conduct a detailed analysis of flaws in the protocol and its security proof, in the hope that no similar mistakes are made in the future.     

改进的三方口令认证密钥交换协议

基于三方的口令认证密钥交换（3PAKE）协议是客户通过与可信服务器共享一个口令验证元,在两客户进行通信时通过此可信服务器进行会话密钥的建立与共享,从而进行通信。首先对李文敏等人提出的协议进行安全性分析,发现该协议易受离线字典攻击和服务器泄露攻击。提出了一个改进协议,该协议能够提供双向认证、会话密钥机密性和前向安全性,能够有效抵抗多种攻击,包括离线字典攻击和服务器泄露攻击。     

基于RSA的网关口令认证密钥交换协议

网关口令认证密钥交换协议是一个三方协议,使得用户和网关在服务器的协助下建立起一个安全的会话密钥,从而实现用户和网关之间的安全通信.已有的网关口令认证密钥交换协议都是基于Diffie-Hellman密钥交换设计的.利用张木想所设计的PEKEP协议,提出了基于RSA体制的可证明安全的网关口令认证密钥交换协议.在随机预言模型...